Connecting to cluster using kubectl

The kubectl utility allows you to perform the full range of Kubernetes cluster management operations from the command line. See official Kubernetes documentation for details.

The way to connect to the cluster depends on its IP address:

• If an external IP address is assigned to the cluster, then you can connect to it from any host with Internet access.
• If the cluster is assigned only an internal IP address, then you can connect to it only from a host in VK Cloud — a virtual machine that is located in the same subnet as the cluster.

1. On the host from which you plan to connect to the cluster, install kubectl if the utility is not already installed.

   Linux (curl)

   Linux (apt)

   Linux (yum)

   macOS (curl)

   macOS (Homebrew)

   Windows

   1. Download the correct version of kubectl.

      An example command to download the kubectl utility which is compatible with cluster version 1.23.6:

      Copy
      curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl

   2. Make the kubectl binary file executable:

      Copy
      sudo chmod +x ./kubectl

   3. Place this file in a directory which is contained in the PATH environment variable, e.g. in /usr/local/bin:

      Copy
      sudo mv ./kubectl /usr/local/bin/kubectl

   4. Check the kubectl version by running the command:

      Copy
      kubectl version --short

2. If you plan to connect to a Kubernetes cluster version 1.23 or higher, prepare everything you need to connect using Single Sign-On (SSO).

   1. On the host from which you plan to connect to the cluster, install keystone-auth if the utility is not already installed:

      Windows (PowerShell)

      Linux (bash)/macOS (zsh)

      1. Run the command:

         Copy
         iex (New-Object System.Net.WebClient).DownloadString( `  'https://hub.mcs.mail.ru/repository/client-keystone-auth/latest/windows/client-install.ps1' `)

         This will start installing the keystone-auth utility.

      2. Confirm adding the directory with the utility to the PATH environment variable by entering Y in response to the prompt:

         Copy
         Add client-keystone-auth installation dir to your PATH? [Y/n]

   2. Determine on behalf of which user you want to connect to the cluster. Then:

      • Assign necessary role to this user.
      • Activate API access for this user.

On the host from which you plan to connect to the cluster:

1. Download the configuration file of the cluster you want to connect to to the local computer:

   1. Go to personal account VK Cloud under the account of the user who will connect to the cluster.
   2. Select the project where the necessary cluster is located.
   3. Go to Containers → Kubernetes Clusters.
   4. Expand the menu of the necessary cluster and select Get Kubeconfig to access the cluster.

   Such a file is automatically created for each new cluster and is named in the format <cluster name>_kubeconfig.yaml.

2. The configuration file contains sensitive information that should not be accessible to other users. Therefore, restrict the access rights to this file:

   Windows (PowerShell)

   Linux (bash)/macOS (zsh)

   Copy
   icacls.exe 'C:\Users\user\.kube\kubernetes-cluster-1234_kubeconfig.yaml' `  /c /t `  /Inheritance:d `  /Remove:g BUILTIN\Administrators Everyone Users `  /Grant:r ${env:UserName}:RW

3. Place the path to the configuration file in the $KUBECONFIG environment variable:

   Windows (PowerShell)

   Linux (bash)/macOS (zsh)

   Copy
   $env:KUBECONFIG = 'C:\Users\user\.kube\kubernetes-cluster-1234_kubeconfig.yaml'

If the cluster is in the nomal operation state and kubectl is configured to work with it, similar information will be dispalyed:

Copy
Kubernetes control plane is running at...CoreDNS is running at...To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.